+48 22 5671740
Newsflash Operations: Junos: Multiple vulnerabilities in libxml2 library
Junos: Multiple vulnerabilities in libxml2 library
The libxml2 library used in Junos contains multiple vulnerabilities and services which make use of it can be affected: CLI, J-Web, JUNOScript or NETCONF.
Elevated privileges can be gained by users using cli, NETCONF, JUNOScript.
Conclusion - Workaround:
Use access lists or firewall filters to limit access to the router only from trusted hosts or users.
Disabling J-WEB, JUNOScript, NETCONF and restricting Junos CLI access to trusted users can help in reducing risks associated with these issues.
The vulnerabilities are addressed in PR984070 and it is resolved in the Junos versions:
11.4R13 12.1X44-D35 12.1X44-D40 12.1X45-D30 12.1X46-D25 12.1X47-D10 12.2R9 12.3R7 13.1R4-S2 13.1R5 13.1X50-D30 13.2R5 13.2X51-D25 13.2X52-D15 13.3R3 14.1R2 14.2R1
The customer is advised to upgrade to a release where the issue is resolved.
Voor meer informatie kunt u contact opnemen met Infradata op +31 (0)71 750 1525 of per mail naar firstname.lastname@example.org.
Partners & references